Sophos' latest capabilities to help defend against sophisticated multi-stage attacks.

Active adversaries are highly skilled cybercriminals who use advanced methods to bypass traditional security measures and execute multi-stage attacks. To combat these sophisticated threats, organizations need adaptive security controls that can detect, investigate, and respond effectively. 

Sophos continuously enhances its capabilities to provide robust defense against these advanced attacks. Leveraging the expertise of its Sophos X-Ops unit and telemetry from both Sophos and third-party solutions, it delivers top-notch protection, detection, and response. Its latest enhancements to the Sophos Extended Detection and Response (XDR) platform are designed to offer even greater power against active adversaries.

Enhanced Sophos XDR Detections 

Configurable Suppression Rules 

Security operators now have more control over the detections generated by the Sophos XDR platform. With an intuitive suppression wizard, analysts can focus on critical detections by suppressing events confirmed to be benign. These granular rules can be tailored based on severity, detection type, MITRE ATT&CK details, and more.

Comprehensive Detection Summaries 

To aid quick decision-making and task execution, Sophos XDR detections now come with “natural language” descriptions. This enhancement ensures that threat alerts are immediately understandable to analysts of all skill levels, accelerating investigation and response times. 

Streamlined SophosLabs Intelix Integration 

Sophos Endpoint detections are automatically sent to SophosLabs Intelix for threat classification and analysis. This integration enriches detection details with high-fidelity threat intelligence, eliminating the need for manual submissions to SophosLabs. 

Enhanced Microsoft 365 Detections 

Sophos XDR now collects and analyzes comprehensive audit log data from Microsoft 365, identifying more threats than Microsoft’s own security tools. The latest platform detections focus on compromised accounts and Business Email Compromise. The integration with the “Microsoft Office 365 Management Activity API” is included at no additional cost. 

Sophos XDR Public APIs 

Sophos has introduced two new APIs to integrate Sophos XDR data into existing security operations tools and workflows. These APIs allow organizations to: 

  • Accelerate investigation and response with automated workflows. 
  • Centralize analysis of security telemetry. 
  • Enrich Sophos XDR detections with additional threat intelligence. 

Increase Multi-Dimensional Visibility with Technology Integrations 

To provide a comprehensive view of active adversaries’ activities, Sophos XDR collects, correlates, and analyzes data from a wide range of sources. New integrations available for Sophos XDR and Sophos MDR customers include: 

  • Forcepoint Next-Gen Firewall 
  • F5 BIG-IP Application Security Manager (ASM)
  • Cisco Umbrella 
  • Cisco Identity Services Engine (ISE) 

Microsoft Graph Security Integration (Version 2) 

The new version of the Microsoft Graph security integration, "Microsoft Graph security API (Alerts v2)," offers additional information from a range of Microsoft security solutions. This integration helps analysts accelerate detection, investigation, and response, and is included at no extra cost.

Quickly Identify Vulnerable Endpoints and Servers 

The new Device Exposure dashboard in the Sophos Central console provides an overview of endpoint and server devices missing critical OS updates. This visualization helps manage cybersecurity risk by highlighting the time elapsed since the last updates and offering customizable queries for further details.

Vulnerability Management Delivered as a Managed Service 

Sophos Managed Risk, powered by Tenable, helps organizations identify and prioritize remediation efforts for their external attack surface. This service eliminates blind spots and focuses on exposures posing the highest risk. 

Recognized by Industry Experts and Customers 

Sophos XDR and Sophos MDR continue to receive high praise for their superior capabilities: 

  • Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response (MDR). 
  • Leader in Frost & Sullivan’s 2024 Frost Radar™ for Global Managed Detection and Response. 
  • The only vendor named a Gartner Customers’ Choice in multiple categories including Endpoint Protection Platforms and Managed Detection & Response Services. 
  • Leader in G2 Winter 2024 Reports for EPP, EDR, MDR, XDR, and Firewall. 
  • Leader for the 14th consecutive time in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms. 

To learn more and explore how Sophos XDR can elevate defenses against active adversaries, contact our Cyfer Tech team.  
